Talking with people (like KQED) about aligning with the Web Literacy Standard.

Setting up a not-so-covert cross-team Mozilla working group that has LOLCAT as an acronym.

Attending my usual weekly calls. I now have four calls in a row between 3pm and 7pm on a Wednesday, which is an absolute killer.

Taking Friday off work to look after my daughter (we’ve got some childcare issues at the moment).

Those childcare issues I’ve alluded to in the last bullet point have contributed to us having to abandon plans to celebrate our wedding anniversary in Amsterdam. So I’ve got a bonus three days at work next week! I’ll be using some of that time to prepare for OKCon in Geneva where I’ll be moderating a panel session.

Monday is Labor Day in the US which will means I’ll have a quiet start to the week. I’m not travelling anywhere so I’m looking forward to getting stuff done before heading to Amsterdam with my wife to celebrate our 10 year wedding anniversary!

TL;DR version: I’m moving from Dropbox to SpiderOak for file sync/backup. SpiderOak not only encrypts files in transit, but on their servers. The encryption key stays on the user’s machine so SpiderOak employees (or anyone else) can’t get access to your files.

Wow, hello Hacker News readers! You took down my server there for a moment. If you like this you might want to subscribe to my newsletter or read some of my other blogs. Thanks for stopping by!

I’ve been a happy Dropbox user for years. I even took Lifehacker’s advice a couple of years ago and made it, effectively, ‘My Documents’; if it was on my machine it was backed up to Dropbox’s servers. I’ve had zero user experience issues with Dropbox, finding it efficient and useful for when I want to share something while on-the-go. The mobile apps are great and the pricing plans are reasonable.

So why have I just jumped ship to SpiderOak?

My main concerns are around the NSA revelations. I’ve taken my time to read up on what’s going on and, last Sunday, finally felt I could write my response. As a consquence, I’m reviewing the core services I rely upon on a day-to-day basis. I had Dropbox in my crosshairs due to their seemingly regular and high-profile security breaches. It helped that my yearly renewal was due this Friday.

Perhaps the easiest way to explain the difference between Dropbox and SpiderOak is like this: if you forget your Dropbox password you’re able to reset it. That’s great, but it means that Dropbox has the means to access your files as they hold the key to unlocking your files.

It’s worth saying at this point that I don’t, to my knowledge, do anything wildly illegal. But why should others have access to my files? There’s a reason we put curtains on our windows. Privacy is something that we should care about and defend.

Something we’ve all learned from the Lavabit fiasco is that government security agencies can force individuals and companies not to release details of privacy and security infringements. So if my files were accessed I’d be none the wiser. Dropbox is insecure from many angles. I wanted out.

SpiderOak encrypts your files and then sends them securely to their servers. The key to decrypt those files is on your machine. The key and the files aren’t kept together. It means, of course, that you have to have a reliable password system in place (I use LastPass and 64-character strings) but means people can’t access your unencrypted files on the ‘cloud’ server.*

I researched many other options to Dropbox. I’ll not detail them here as I had to reject them for one reason or another. Instead, I think it’s worth quoting from the SpiderOak FAQ in response to the question ‘What if I forget my SpiderOak password?’

Changing your password from any computer in your SpiderOak account will reset your password for all your computers and the website. However, if can’t reset your password from another machine and the hint has still not helped you remember your password, then I’m afraid your only option is to open a new account. Here at SpiderOak we take our zero-knowledge privacy policy very seriously, so we never have any knowledge of your password and no way to retrieve or reset it, even in emergencies. It’s our way of ensuring that our customers’ data is always completely secure… even from ourselves! If you need any more assistance recovering your password or resetting your account, please contact support@spideroak.com.

It looks like there’s different ways you can use SpiderOak, but I’m going to be using SpiderOak Hive almost exclusive as it offers ‘drag-and-drop syncing across all your devices’. In essence, it’ll be a replacement for my Dropbox folder.

I’ll still be keeping my free Dropbox account for legacy shares and my ebook workflow. Other than that, I’ll be using SpiderOak.

Now then, you’ll have to excuse me. I’ve got >100GB to sync… 😉

*You should have full-disk encryption turned on and switch off your computer when you’re finished using it, if you want to secure the files on your computer.

Last week I read a blog post entitled Saying no more by Shane Mac. He talks about how the biggest life change he ever made was starting swimming. But, as anyone who does any kind of exercise will tell you, what you put into your body has a huge effect on how hard you find that activity.

After detailing struggles to change his diet, Shane has resolved to say ‘no’ to cigarettes, soda, more than 3 cups of coffee a day, alcohol on worknights, red meat, snacks, bottled water and fried food.

Quite the list.

I sent the blog post to Hannah (my wife) and we talked it over. We’ve come up with five rules of our own of our own, inspired by Shane. Importantly, though, we’re initially only committing to these on weekdays* We can do what we like at weekends!

No sugary drinks

No red meat

No alcohol

No snacks (other than fruit)

No coffee after 4pm

It’s not quite as hardcore as Shane’s version, but it’s eminently doable. And it should have a huge impact on our exercise.

The Silent Writing Collective is all about the process of writing, not about the word count or subsequently publishing it elsewhere. Still, I wrote almost 2,000 words in an hour and felt what I produced was decent enough to post here (unedited, but with formatting improvements).

Ever since the revelations about the National Security Agency in the US hit a few months ago, I’ve been meaning to write about them. Ostensibly, I should be in a position to give some guidance. I usually know enough, conceptually speaking, about privacy and security to be able to give advice to others.

This time, however, things are different. There’s nothing much you can really do when a large, powerful country like the USA decide to wield its power in an undemocratic way. Not only have they got access to a bewildering array of technological innovations, but they’re doing so in a secret way. Just check out the statement on Lavabit’s front page:

I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on–the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.

Lavabit was the encrypted email service used by NSA whistleblower Edward Snowden. Reading between the lines, it appears that the NSA wanted Lavabit to give them access to at least his email account, if not unfettered access to *everyone’s* account. This mixture of absolute power and secrecy is extremely worrying. Not only does it mean they are beyond the control of ‘the people’ in any jurisdiction, but I’m left wondering what kind of advice it’s even worth giving out.

I try to walk the walk in my technological life. I don’t recommend people use things that I don’t use myself. While others I’ve seen on Twitter, Hacker News and other online spaces have attempted to lock things down, I’ve felt a bit powerless. On the one hand, I too want to lock things down. While there’s no clear and present data of me being locked up for anything, I’m not a big fan of some bored NSA employee being able to find out more about me than even I know about myself.

Absolute power corrupts absolutely. We know that. But the response to the revelations amongst the general public so far seems to be ‘meh’. Some have used the classic response of ‘if you’re doing nothing wrong you’ve got nothing to fear’. This is so wrong-headed it’s unbelievable. We all break laws every day – even though the laws of the UK are finally online. If someone has access and can dig through everything you do then of course they’ll find something incriminating. It’s so close to an Orwellian nightmare it’s untrue.

I already overshare on the Internet, it’s true. But that’s both a tactic and an expression of who I am. I believe in my right to free and openly express who I am – and more importantly, how I want to be seen – to the world at large. The thing that concerns me is that I don’t really know where the NSA’s knowledge of me and my actions starts and stops. Apparently they have the ability to eavesdrop on conversations by firing a laser beam at a plastic cup in the same room as their target. Or even a window. There’s a reason why we put curtains on our windows. The spaces in which we know we’re alone (or alone with significant others) are important for self-development and, dare I say it human flourishing.

So what have I done in response to the NSA revelations? Not much, really. I’ve talked a good game and explored various options. I’ve kept up with the news and various articles linked to from Hacker News and The Guardian. But I haven’t actually done much. Part of that is because I don’t want to take the hit on my productivity – many of the ‘more secure’ replacements aren’t as slick or frictionless – but partly for another reason: I don’t feel like my weaponry against governments should be extreme crypto. I feel that it should be democratic processes. If someone or some organisation is abusing it’s power, then the people should have some recourse against them. Even if it’s a different sovereign country, the people of my country should be able to put pressure on them to do something about it.

Some of the things I’ve considered doing include switching from running Mac OS X on my (or rather, Mozilla’s) MacBook Pro to a variant of Linux. The MacBook the machine I use most of the time. Only rarely – like now, actually, as I’m writing this – will I use a ThinkPad X61 running Chromium OS. I’ve tried to use Linux as my main operating system since 1997 when, as a 16 year-old, I bought a book on Red Hat Linux to try and get my head around it. I kind of know my way around some of the commands, but it greatly frustrates me when updates break really important things such as wireless networking. Macs just work in a way I hadn’t experienced before using them. I suppose this ‘Chromiumbook’ isn’t bad, but I just feel that everything I write is fuelling Google’s ad dollars.

I think there’s nothing much we can do from a technological point of view as individual users versus the might of the NSA. Indeed, it might make matters worse as apparently their default filter for ‘is this person dangerous?’ is ‘if they use encryption, yes’. That, of course, makes them not even worth parodying, but does make me want to throw my hands in the air. Instead, though, what I think it’s important to do is to think about security and privacy more generally. What is it that we want to be secure? Who do we want to protect our privacy from?

I’m only speaking for myself here, but I think it might be more widely applicable:

I don’t want to be the victim of identity theft.

I want to be able to surf the Web anonymously if what I’m looking at/for could potentially compromise me personally or professionally.

While I’ve pretty much given up on email ever being secure, I want other communications to be locked down and visible to others only if at least one of the parties involved wants this to be the case.

I want to be able to craft multiple, discrete pseudo-anonymous personas without being forced to reveal the connections between them.

I suppose, overall, I don’t want to be watched or feel that I’m being watched. This might seem odd coming from someone who seemingly tweets and otherwise shares a fair bit of detail from my life. The difference is that it’s under my control. You’re seeing glimpses into my life through the filter or lens that I choose to put on it. That’s autonomy. That’s freedom.

So I am going to make some changes, but I’m not going to go nuts. I’ll keep doing what I can to put pressure on the UK and US governments to do something about the NSA over-reaching. I’ll keep up to date and support organisations like the Electronic Frontier Foundation who campaign on our behalf (their Who’s Got Your Back 2013 is well worth a read). I’m going to see what’s available in terms of other services that may offer more privacy and security. But, instead of automatically jumping ship, I’ll attempt to weigh the productivity cost. If it doesn’t seem to be worth it, then I won’t do it.

For all I’ve written above about how important I see security and privacy, I’ve come to expect that the technological tools I use afford me a certain level of fluency and productivity. My job and professional reputation indirectly (and at times, directly) depend upon this. I suppose there’s a heavily performative notion in there: I have to not only be productive but be seen to be productive (at least in the construct that’s in my head).

Also, it’s important to have at least a connection to ‘the (wo)man on the street’. As soon as you look like, or come across as, a special case then people stop paying attention to you. I’ve experienced some of that because I wrote my doctoral thesis on digital literacies and/or because I now work for Mozilla. “It’s easy for you to say,” people exclaim. Well, it’s not actually. It’s difficult and tortuous and philosophically problematic. I spend far too long thinking about this kind of stuff.

What I think is important is that we build a bridge between those who think the NSA revelations show that western governments somehow have “got our back” and those who, in the words of Marc Scott, have glued a tinfoil hat to their heads. It’s important not to talk past one another on issues like these. After all, these aren’t issues around cryptography or terrorism but around freedom, liberty and the pursuit of happiness, writ large.

The thing that concerns me to the point of lying awake thinking at night is the world that my six year-old son and two year-old daughter will inhabit. My formative years were spent growing up with the Web in its Wild West, frontier town-feel years. Being able to put up a website (in my case, as a sixteen year old, one about Monty Python) and have it accessible anywhere in the world was mind-blowing. But it wasn’t just that. It was the fact that people could connect with one another without boundaries relating to power, geography, class or skin colour.

That’s the Web we’ve lost – it’s well worth reading Anil Dash for more on that. The networked world that my children will inhabit (unless we do something about it) will constrain instead of liberate. It will be something to fear instead of something to embrace. And that greatly saddens me.

So beyond making relevant changes to my own personal setup I suppose I’ve got a responsibility to educate those around me. First, I need to scare them into taking privacy and security seriously. But then, second, I need to show them what appropriate steps look like to protect that. And if, as in the case of the NSA, appropriate steps on a personal level aren’t enough, then I need to encourage them to take appropriate (collective) political action.

I hope this goes some way to explaining why I haven’t got a 10 step guide on what to do to change your hardware/software setup to be NSA-proof. You can’t be. But you, we together can agitate for a better world. That’s not to say we should be complacent about our technological setups. Not at all. Now, more than ever, is a great time to review the information and details that may be unintentionally leaking out to the wider world without your knowledge.

In conclusion, then, I’ll not be breaking out my tinfoil hat anytime soon. And I’ll not be locking down my machines to a ridiculous extent. I’ll be trying out new operating systems, software and even hardware, but still want to be able to use someone else’s machine without huge amounts of hassle. And I need, especially for work reasons, to be able to communicate with others without being some kind of ‘special case’ that other people have to tolerate or, more likely, avoid.

Taking Monday off. I’ve found taking a few long weekends over the summer (giving me 3-day working weeks) has meant I’ve kept on top of stuff. It also means I keep more PTO/holiday days for later in the year when I really need them.

Next week I’ll be observing the Summer Bank Holiday – except for 4-5pm when I’ll be hosting the Web Literacy Standard community call. Other than that, it’s a pretty quiet week just getting ready for normality when everyone goes back to school in September!

Introduction

Recently, I joined the Mentor Team at Mozilla. Each team has their own, slightly different way of working – even if we all tend to use the same tools. Something I really enjoyed during my inaugural Mentor Team call was the period of ‘silent etherpadding’ that it began with.

For the uninitiated:

Etherpad… is a web-based collaborative real-time editor, allowing authors to simultaneously edit a text document, and see all of the participants’ edits in real-time, with the ability to display each author’s text in their own color. There is also a chat box in the sidebar to allow meta communication. (Wikipedia)

At Mozilla we usually use an etherpad as an agenda for our calls. We use one for the Web Literacy Standard community calls, for example. I’ve found using etherpads usually makes for collaborative, democratic experiences.

The idea

I like writing. I like writing and commenting in real time even more. But I only ever do it for work-related things. So I had this idea last night:

How it works:

Every week there’s a new main etherpad where people sign in (being anonymous/pseudoanonymous is fine)

Each person creates a new etherpad and adds the link next to their name on the main weekly etherpad.

Everyone writes for an hour. Or more. Or less.

During that hour people can stop by other people’s pads and comment, chat, etc.(anonymously/pseudoanonymously if you want)